Some things aren’t easy even when they should be.

Motivated by an article in the most recent issue of c’t called Absender-Authentifizierung sch├╝tzt vor Spam I decided to give it a shot and install certificates into Mail.app, the default E-Mail programm for OS X. This was not exactly a trivial issue, but the goal was worth it: being able to digitally sign my e-mail and also use encryption. (I am an avid user of PGP/GPG encryption technology since the late nineties, but I also wanted to check out this alternative, since, sadly, very few people actually use PGP.) First I wanted to use the certificate provided by the German mail provider web.de. Since that did initially not work as intended, I checked an enormously helpful site called macosxhints. There I found quite a few tips that helped me tackle certification, signing, and encrypting issues in Mac OS X. Since I had problems with the web.de certificates I decided to follow the advices on that macosxhints and got myself free personal e-mail certificates from thawte. After a few experiments I finally got the certificates installed: I had to use either Firefox or Mozilla to install the certificates into these browsers and then was able to ex- and import these certificates into the Mac OS X keychain, which is used by Mail, Safari and other Mac OS X native apps. After importing these certificates everything went as expected. For good measure I later installed the root certificates of web.de , the DFN, and several relevant German universities.

Regarding the problems I had with the web.de certificate: I did not install the web.de root certificates when I first tried to use their certificate for signing purposes, which might be the reason why it did not work. Problem is, I was looking for a link to the root certificates in my personal options pages at web.de but did not find anything. They weren’t even mentioned, even though I explicitly looked for them. One more thing regarding web.de: the c’t article gives a link to the web.de TrustCenter, saying that under this link free certificates can be acquired. This is not true anymore. One has to have a web.de account to get a certificate. (The account is free though – but I think the author thought registration for an account wasn’t necessary, otherwise it would probably have been mentioned.)

Fingerprints for all of my keys/certificates can be found at the bottom of the sidebar on this page.

Tags: , , ,

Leave a Reply